TWI666565B - Identity authentication system and method thereof - Google Patents
Identity authentication system and method thereof
- Publication number
- TWI666565B
- Authority
- TW
- Taiwan
- Prior art keywords
- identity
- identification information
- personal
- identification
- information
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/36—User authentication by graphic or iconic representation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/107—License processing; Key processing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/33—User authentication using certificates
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K19/00—Record carriers for use with machines and with at least a part designed to carry digital markings
- G06K19/06—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
- G06K19/06009—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code with optically detectable marking
- G06K19/06046—Constructional details
- G06K19/06112—Constructional details the marking being simulated using a light source, e.g. a barcode shown on a display or a laser beam with time-varying intensity profile
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2111—Location-sensitive, e.g. geographical location, GPS
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Optics & Photonics (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Time Recorders, Drive Recorders, Access Control (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention provides an identification and authentication system and a method thereof. Embodiments of the invention provide application, installation, and verification flows for a mobile ID, and make the user's mobile device the carrier of the mobile ID. The mobile ID can be applied to identity-related services inside enterprises, groups, and government agencies, making identification smart and mobile. The mobile ID is delivered through an over-the-air download mechanism. The enterprise mobile ID service is provided to one or more enterprises through a gateway. In addition, by combining the advantages of dynamic graphic coding, geographic location, data key encryption, and transaction time recording, a graphic code can be generated for identity verification. The dynamic graphic code therefore provides high-security identity verification.
Description
The invention relates to an identity authentication technology, and in particular to an identification and authentication system and a method thereof.
An enterprise's tangible and intangible assets are usually not meant to be easily obtained by outsiders, so strict identification and authentication are needed to prevent theft by outsiders. Traditional enterprise ID technology mainly uses plastic cards combined with magnetic stripes, smart chips, printed text, and the like as the ID, but producing plastic cards carries a certain card-making cost. Meanwhile, smart mobile devices (for example, smartphones and tablet computers) have become close to basic equipment in modern life. For example, a virtual enterprise mobile ID installed on a mobile device makes the ID cardless, which simplifies credential management and solves the problems of plastic cards.
The invention provides an identification and authentication system and a method thereof in which the mobile device dynamically generates a graphic code, and the device's current location and the current time are combined to strengthen identity verification, thereby ensuring the security of identification.
The identification and authentication system of an embodiment of the invention includes a mobile device, an identity reading device, and an identity verification server. The mobile device stores issuing unit identification information, personal identification information, and a personal key. Using the personal key, it encodes the issuing unit identification information, the personal identification information, the current location of the mobile device, and a first current time to generate identity data, converts the identity data into a graphic code, and shows the graphic code on its display screen. The identity reading device scans the graphic code to obtain the identity data, and transmits the identity data, the current location of the identity reading device, and a second current time. The personal key can be generated from the personal identification information and the encryption/decryption master key corresponding to the issuing unit identification information. The identity data is decrypted with the personal key to obtain the current location of the mobile device and the first current time, and whether the identity data is valid can be verified according to the difference between the current locations of the mobile device and the identity reading device and the difference between the first current time and the second current time.
The identification and authentication method of an embodiment of the invention includes the following steps. Issuing unit identification information, personal identification information, a first current location, and a first current time are encoded with a personal key to generate identity data; the identity data is converted into a graphic code; and the graphic code is displayed. The graphic code is scanned to obtain the identity data, and the identity data, a second current location, and a second current time are transmitted. The personal key is generated from the personal identification information and the corresponding encryption/decryption master key. The identity data is decrypted with the personal key to obtain the first current location and the first current time. Whether the identity data is valid is verified according to the difference between the first current location and the second current location and the difference between the first current time and the second current time.
Based on the above, the identification and authentication system and method of the embodiments of the invention provide a secure and convenient way to issue dynamic graphical credentials, covering the main flows of application, installation, dynamic graphical credential generation, and identity verification. Embodiments of the invention can use a network service to provide the graphical mobile ID that an issuing unit needs, so that the issuing unit's employees or visitors can use a mobile device as the ID carrier for the identity recognition and administrative identity checks required for activities inside the enterprise. In addition, graphic coding, geographic information, time, and key-encrypted data are combined to produce a highly secure, dynamic mobile ID. After an application made through the enterprise mobile ID application flow is approved, the mobile ID application on the mobile device can be used to realize the enterprise mobile ID service.
To make the above features and advantages of the invention easier to understand, embodiments are described in detail below with reference to the accompanying drawings.
FIG. 1 is a schematic diagram of an identification and authentication system 1 according to an embodiment of the invention. Referring to FIG. 1, the identification and authentication system 1 includes at least, but is not limited to, a mobile device 100, an identity reading device 110, an identity verification server 115, an intermediary gateway 120, and one or more management unit systems 130.
The mobile device 100 may be a portable device such as a smartphone, tablet computer, or handheld game console, with at least a communication module (supporting, for example, Wi-Fi or third-generation (3G) or later mobile communication) and a processor (for example, a CPU, GPU, or application-specific integrated circuit (ASIC)). The mobile device 100 is loaded with and can run the mobile ID application 101 or other identification-related software. The mobile ID application 101 has a user interface (UI) that provides information related to ID application, dynamic graphic code generation, display, query, verification, and so on.
The identity reading device 110 may be any type of one-dimensional and/or two-dimensional barcode scanner, camera, card reader, wireless communication receiver, or a combination of these devices. In implementations of the invention, the identity reading device 110 can at least obtain, by image scanning or similar means, a graphic code formed as a one-dimensional and/or two-dimensional barcode. In some embodiments, the identity reading device 110 may read, wirelessly or by wire, the identity data recorded in an identity verification carrier (not shown; for example, a smart card, a mobile phone, or an object with radio frequency identification (RFID)). In other embodiments, the identity reading device 110 may be connected to access control, sign-off, or other identity verification equipment and, in response to the authentication result, perform operations such as opening or closing an entrance or signing off; this can be adjusted according to the implementer's actual needs.
The identity verification server 115 may be any type of server, computer host, workstation, or similar device, and is connected to the identity reading device 110. The intermediary gateway 120 may be a gateway device, routing device, computer host, or similar device, and is connected to the identity verification server 115.
The management unit system 130 includes at least, but is not limited to, an ID application server 131, a card management server 132, and an attendance server 133. The management unit system 130 can be used by organizations such as enterprises, companies, merchants, government units, groups, and schools. The ID application server 131, the card management server 132, and the attendance server 133 may be any type of server, computer host, workstation, or similar device; their operation is detailed in the embodiments that follow. Note that in this embodiment the intermediary gateway 120 plays an intermediary role, interfacing the identity verification server 115 with each independent management unit system 130. In some embodiments, if only one management unit system 130 is served, the identity verification server 115 may interface with that management unit system 130 directly, without forwarding data through the intermediary gateway 120.
To make the operation of the embodiments easier to understand, several embodiments are given below to describe the operation flow of the identification and authentication system 1 in detail. The method of the embodiments is described below together with the devices in the identification and authentication system 1. Each flow of the method can be adjusted according to the implementation and is not limited to what is described here.
FIG. 2 is a flowchart of the application and installation phases of the identification and authentication method according to an embodiment of the invention. Referring to FIG. 2, the prerequisite for the application flow is that the mobile ID application 101 has been installed on the user's mobile device 100; once running, the mobile ID application 101 can generate various types of graphic codes such as QR codes and Universal Product Codes. The mobile device 100 or another networked device receives the user's application for a mobile ID, submitted through a web form or other user interface (possibly providing personal identification information (for example, employee number, national ID number, passport number), telephone number, and similar information). This application information is forwarded over the network, through the intermediary gateway 120, to the ID application server 131 of the corresponding management unit system 130 (step S201).
The ID application server 131 reviews whether the application information is permitted (for example, whether it comes from the correct mobile ID application 101, a conforming hardware device, a suitable application specification, and so on). If it is permitted, the application data is checked; if not, rejection information is returned (step S202). The ID application server 131 then sends the received application information (for example, employee number, national ID number, mobile phone number) to the card management server 132 for checking, and the information is queried and verified against the personnel database 134 to confirm whether the applicant is an internal member or a permitted member of the organization (that is, whether the applicant is eligible) (step S203).
If the application information meets the eligibility requirements, the personnel database 134 provides the corresponding employee or personnel ID data (for example, card issue number, photo) to the card management server 132, and the card management server 132 generates the identity data for the enterprise mobile ID (step S204). The card management server 132 records or updates the identity data of eligible applicants in an application-completed whitelist and provides this whitelist to the intermediary gateway 120; the intermediary gateway 120 forwards the application-completed whitelist to the identity verification server 115 (step S205).
The identity verification server 115 can create or update an approved whitelist from the application-completed whitelist it receives, and mark the applicant's contact information (for example, mobile phone number, landline number) as eligible for issuance of the mobile ID of a specific organization (step S206). The identity verification server 115 also notifies the card management server 132 that the approved whitelist has been established and that a mobile ID is to be provided; the card management server 132 can then send an installation verification code to the mobile device 100 or its networked device over the network or by SMS (step S207).
In the installation phase, the mobile ID application 101 running on the mobile device 100 provides a user interface to receive the user's input, for example, tapping "Add mobile ID" and entering a mobile phone number and/or other personal information. The personal information entered by the user is sent to the identity verification server 115, which uses it to look up whether the approved whitelist contains matching personal information (step S211). The identity verification server 115 uses, for example, the phone number of the mobile device 100 or other personal information to determine whether a mobile ID may be issued (step S212). The identity verification server 115 can obtain the applicant's employee, member, or visitor ID data (for example, issuing unit identification information, personal identification information) from the corresponding card management server 132 through the intermediary gateway 120 (step S213). The identity verification server 115 converts the obtained ID data into the identity data that serves as the mobile ID (for example, issuing unit identification information, personal identification information, personal key) (step S214).
The identity verification server 115 writes the mobile ID identity data of the user who submitted the application to the mobile device 100 over the air (OTA). This mobile ID identity data includes issuing unit identification information (hereinafter cID), personal identification information (for example, an ID identifier (hereinafter uID), personal information (for example, name and birthday, hereinafter cardinfo), and/or a personal key (hereinafter uK), for use in subsequent mobile identification (step S215). The personal key (uK) in the mobile device 100 is protected by encryption or by a secure element. The identity verification server 115 can notify the intermediary gateway 120 that issuance of the mobile ID is complete, and the gateway forwards the message to the card management server 132 (step S216). On receiving the issuance-complete message, the card management server 132 creates or updates an issuance-completed list according to the identity data of the user who submitted the application (step S217).
The mobile ID application 101 can connect to the intermediary gateway 120 and, through it, obtain from the personnel database 134 or the attendance server 133 the mobile ID display data that can be shown in the user interface (for example, attendance records, asset information) (step S218). This completes the installation phase.
Notably, once the application and installation phases are complete, embodiments of the invention provide two verification modes, online and offline, which are described in detail below.
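FIG. 3 is a flowchart of the online verification phase of the identification and authentication method according to an embodiment of the invention. Referring to FIG. 3, after the application and installation phases of the embodiment of FIG. 2, the identity verification server 115 can record, for each user, information such as that shown in Table (1): Table (1)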
A usage scenario follows. For security, the graphic code that the mobile ID application 101 uses as the mobile ID is single-use: each graphic code used for identity verification is valid once. Each time the user badges in, they must therefore first use the mobile ID application 101, at the identity reading device 110, to dynamically generate a new graphic code for identification (step S301). For example, the mobile ID application 101 uses the personal key (uK) to encrypt and encode the issuing unit identification information (cID), the personal identification information (for example, uID, cardinfo), the current location of the mobile device 100 (hereinafter uGPS), and the current time of generation (hereinafter uTime) to produce the identity data (for example, [cID, uID, uGPS, uTime, cardInfo]uK, cID', uID'], where cID = cID' and uID = uID'), and converts this identity data into a graphic code (for example, a QR code or another one-dimensional or two-dimensional barcode), which is then shown on the display screen of the mobile device 100.
The user brings the mobile device 100 showing the graphic code close to the identity reading device 110 so that the identity reading device 110 can scan the graphic code and obtain the corresponding identity data. The personal identification information in the identity data (for example, [cID, uID, uGPS, uTime, cardInfo]uK, cID', uID']…), the current location (rGPS) and identifier (rID) of the identity reading device 110, and the current time at which the identity reading device 110 scanned the graphic code (hereinafter rTime) are transmitted to the identity verification server 115 (step S302).
After receiving the identity data and the reader-related data sent by the identity reading device 110, the identity verification server 115 can perform verification (step S303). For example, the identity verification server 115 can use the received issuing unit identification information (for example, cID') to look up the corresponding encryption/decryption master key (cMK) in its database and combine it with the personal identification information to generate the personal key (uK) (that is, the combination of cMK and uID' yields uK). The identity verification server 115 can then use the generated personal key (uK) to decrypt the identity data carried in the graphic code and obtain the current location (uGPS) of the mobile device 100, the current time (uTime), the personal identification information (uID, cardInfo), and the issuing unit identification information (cID) (that is, decoding the encoded identity data with uK yields cID, uID, uGPS, uTime, cardInfo). The identity verification server 115 verifies whether this decoded identity data is valid. For example, it checks whether the decrypted issuing unit identification information (cID) and personal identification information (uID) are the same as the unencoded issuing unit identification information (cID') and personal identification information (uID'), and evaluates the difference between the current times of the mobile device 100 and the identity reading device 110 (uTime, rTime) (for example, whether it is less than the valid safe time (for example, 1 minute or 30 seconds)) and the difference between the two current locations (uGPS, rGPS) (for example, whether it is less than the valid safe range (for example, within 500 meters or 100 meters)). Because the graphic code is single-use, the check also takes the hash value of the current transaction record and compares it against all previous transaction records (for example, a hash value check) to confirm that the identity data submitted by the mobile ID is one-time and has not been reused.
If the mobile ID is successfully verified by the identity verification server 115, the information [cID, uID, rID, rTime, cardInfo] is recorded in the badge record, and the hash value of each transaction record is recorded (step S304). The identity verification server 115 can notify the identity reading device 110 that the identity data is valid and has passed verification, send the corresponding ID data (step S305), and forward the badge record through the intermediary gateway 120 to the corresponding attendance server 133. After receiving the badge-success information, the identity reading device 110 performs the corresponding action, such as opening the door (access control reader) or displaying that the badge-in succeeded (attendance reader), and/or displays other necessary identification information (step S306).
FIG. 4 is a flowchart of the offline verification phase of the identification and authentication method according to an embodiment of the invention. Referring to FIG. 4, after the application and installation phases of the embodiment of FIG. 2, the identity verification server 115 can record, for each user, information such as that shown in Table (1); the identity reading device 110 records information such as that shown in Table (2).
For offline verification, the identity reading device 110 must be paired with an identity verification carrier 103 (for example, a Secure Access Module (SAM), smart card, magnetic stripe card, chip card, or RFID-equipped object). The issuing unit identification information (cID) and the corresponding encryption/decryption master key (cMK) are written into the identity verification carrier 103 so that the encrypted part of the identity data can be decrypted, which means verification does not need to go through the identity verification server 115. In addition, the mobile ID application 101 records information such as that shown in Table (3).
The following usage scenario illustrates the flow. The mobile ID application 101 first generates a new graphic code as in step S301; this graphic code carries identity data that is partly encrypted with the personal key (uK) and partly unencrypted (step S401). The user brings the mobile device 100 displaying the graphic code close to the identity reading device 110 so that the identity reading device 110 can scan the graphic code and obtain the corresponding identity data; the current position (rGPS) and identification code (rID) of the identity reading device 110, and the current time (rTime) at which it scanned the graphic code, are recorded (step S402). In step S402 the user may present the mobile device 100 showing the graphic code for the identity reading device 110 to read, so as to obtain the personal identification information (cID', uID').
After the identity reading device 110 has obtained the identity data and its own related data, it can perform verification (step S403). For example, the identity reading device 110 may use the issuing unit identification information carried in the graphic code (for example, cID') to look up the matching encryption/decryption master key (cMK) recorded in the identity verification carrier 103, and generate the personal key (uK) from the received personal identification information (for example, uID') and the cMK corresponding to that issuing unit identification information (for example, cID'). The identity reading device 110 can then use the generated personal key (uK) to decrypt the identity data carried in the graphic code, obtaining the current position (uGPS) and current time (uTime) of the mobile device 100, the personal identification information (uID, cardInfo), and the issuing unit identification information (cID). The identity reading device 110 verifies whether this decrypted identity data is valid. For example, it checks whether the decrypted issuing unit identification information (cID) and personal identification information (uID) are identical to the unencrypted issuing unit identification information (cID') and personal identification information (uID'); whether the difference between the current positions of the mobile device 100 and the identity reading device 110 (uGPS, rGPS) is less than the valid security range (for example, within 500 meters or 100 meters); and whether the difference between the two current times (uTime, rTime) is less than the valid security time (for example, 1 minute or 30 seconds).
If the mobile ID is successfully verified by the identity reading device 110, the identity reading device 110 writes the information [cID, uID, rID, rTime, cardInfo] to the card-swipe record. In addition, the identity reading device 110 may perform the corresponding action, such as opening the door (access-control reader) or displaying that the swipe succeeded (attendance reader), and/or display other necessary identification information.
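The offline checks of step S403, written out as an added Python example that is not code from the patent. The HMAC-SHA256 key derivation, the standard-library HMAC keystream cipher standing in for the unspecified encryption, the reader-local replay cache, and all sample values are assumptions.

```python
import hashlib, hmac, json, math, os

MAX_DIST_M, MAX_SKEW_S = 100, 30  # example limits quoted in the text

def derive_uk(cmk: bytes, uid: str) -> bytes:
    # Assumption: uK = HMAC-SHA256(cMK, uID); the page does not name the KDF.
    return hmac.new(cmk, uid.encode(), hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (HMAC-SHA256 keystream) so the example is stdlib-only.
    ks = b"".join(hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"),
                           hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def _tag(key: bytes, nonce: bytes, ct: bytes) -> bytes:
    return hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def make_code(cmk, cid, uid, inner):
    """App side (S401): plaintext cID'/uID' plus fields encrypted under uK."""
    uk, nonce = derive_uk(cmk, uid), os.urandom(12)
    ct = _xor_stream(uk, nonce, json.dumps(inner).encode())
    return {"cID": cid, "uID": uid, "enc": (nonce + ct + _tag(uk, nonce, ct)).hex()}

def distance_m(a, b):
    """Haversine distance in metres between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371000 * math.asin(math.sqrt(h))

def verify_offline(sam_keys, seen, code, r_gps, r_time):
    """Reader side (S403). sam_keys maps cID -> cMK, as held by the SAM."""
    cmk = sam_keys.get(code["cID"])
    if cmk is None:
        return False, "unknown issuer"
    uk = derive_uk(cmk, code["uID"])
    blob = bytes.fromhex(code["enc"])
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(uk, nonce, ct)):
        return False, "bad key or tampered data"
    inner = json.loads(_xor_stream(uk, nonce, ct))
    if (inner["cID"], inner["uID"]) != (code["cID"], code["uID"]):
        return False, "id mismatch"
    if abs(r_time - inner["uTime"]) > MAX_SKEW_S:
        return False, "outside time window"
    if distance_m(inner["uGPS"], r_gps) > MAX_DIST_M:
        return False, "outside distance window"
    digest = hashlib.sha256(blob).hexdigest()
    if digest in seen:  # assumption: reader-local cache for one-time use
        return False, "replayed code"
    seen.add(digest)
    return True, "ok"

# Constructed sample data (not from the patent).
SAM = {"corp-01": b"\x11" * 32}
READER_GPS, NOW = (25.0330, 121.5654), 1_700_000_000
GOOD = make_code(SAM["corp-01"], "corp-01", "u-001",
                 {"cID": "corp-01", "uID": "u-001", "cardInfo": "staff",
                  "uGPS": [25.0331, 121.5655], "uTime": NOW - 5})
```

Without the replay cache, a copied code would still pass at the same reader for as long as the time and distance windows allow, which is why an offline reader needs local state to approximate one-time use.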
In summary, the identification and authentication system and method of the embodiments of the present invention provide a secure and convenient way of issuing a dynamic graphical credential, covering the main processes of application, installation, dynamic graphical credential generation, and identity verification. A graphic-code generation mechanism for a high-security enterprise mobile ID ensures that only legitimate identity reading devices are able to scan and parse the identity data carried in the graphic code. The embodiments let an enterprise's employees and visitors apply for a mobile ID and download and install it through a mobile device. Using the mobile ID application on the mobile device, the user can dynamically refresh the high-security mobile ID graphic code. Because a data encryption mechanism and geographic-information and transaction-time checks are used, the mobile ID provided by the embodiments is suitable for use inside enterprises with confidentiality and security requirements.
Because the embodiments of the present invention encrypt with a unique personal key to produce the encrypted identity data, they prevent the identity to be verified from being read out by anyone who simply scans the graphic code; only a legitimate verification device or system can generate the decryption key needed to decrypt the identity data to be verified.
The embodiments of the present invention take the mobile ID's company identification information, user identification information and ID card information, together with the mobile device's geographic information and the time at the moment of the swipe, and encrypt them with the unique personal key to produce the encrypted identity data. Therefore, besides decrypting to verify the company identification information, user identification information and ID card information, the verifying side must also check whether the mobile device's current position and time at the moment of the swipe fall within the configured security conditions, in order to decide whether the swipe is valid. This strict process is mainly intended to prevent the graphic code from being copied and used fraudulently.
The embodiments of the present invention provide online and offline verification modes. For online verification, the enterprise's identity reading device scans the graphic code of the mobile ID and parses out the identity data to be verified. The identity reading device then sends the encrypted identity data, together with the identity reading device's own data (for example, its identification code, current position, and scan time), over the network to the back-end system, which carries out the ID verification procedure. For offline verification, the identity reading device is paired with an identity verification carrier, into which the company identification information and its corresponding encryption/decryption master key (cMK) must be written in advance. Once the graphic code of the mobile ID is scanned, the identity data to be verified can be parsed out. The identity reading device then computes the personal key used for decryption from the identity data and the corresponding encryption/decryption master key (cMK) recorded in the identity verification carrier, and carries out the subsequent ID verification procedure with this personal key.
The mobile ID provided by the embodiments of the present invention is valid for one use only. That is, after each verification transaction, the graphic code of the mobile ID installed on the mobile device becomes invalid. The next time the user uses the mobile ID, the user must therefore refresh its graphic code with the corresponding application; only the new graphic code can be used for identity verification, and otherwise the code is judged invalid.
Although the present invention has been disclosed above by way of embodiments, they are not intended to limit the present invention. Anyone with ordinary knowledge in the technical field may make minor changes and refinements without departing from the spirit and scope of the present invention, so the scope of protection of the present invention is as defined by the appended claims.
1‧‧‧Identification and authentication system
100‧‧‧Mobile device
101‧‧‧Mobile ID application
103‧‧‧Identity verification carrier
110‧‧‧Identity reading device
115‧‧‧Identity verification server
120‧‧‧Intermediary gateway
130‧‧‧Management unit system
131‧‧‧Identification application server
132‧‧‧Card management server
133‧‧‧Attendance server
134‧‧‧Personnel database
S201~S218, S301~S306, S401~S403‧‧‧Steps
FIG. 1 is a schematic diagram of an identification and authentication system according to an embodiment of the present invention.
FIG. 2 is a flowchart of the application and installation phase of the identification and authentication method according to an embodiment of the present invention.
FIG. 3 is a flowchart of the online verification phase of the identification and authentication method according to an embodiment of the present invention.
FIG. 4 is a flowchart of the offline verification phase of the identification and authentication method according to an embodiment of the present invention.
Claims (10)
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW107144109A TWI666565B (en) | 2018-12-07 | 2018-12-07 | Identity authentication system and method thereof |
US16/703,819 US11321439B2 (en) | 2018-12-07 | 2019-12-04 | Identity authentication system and method thereof |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW107144109A TWI666565B (en) | 2018-12-07 | 2018-12-07 | Identity authentication system and method thereof |
Publications (2)
Publication Number | Publication Date |
---|---|
TWI666565B (en) | 2019-07-21 |
TW202022663A TW202022663A (en) | 2020-06-16 |
Family
ID=68049353
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW107144109A TWI666565B (en) | 2018-12-07 | 2018-12-07 | Identity authentication system and method thereof |
Country Status (2)
Country | Link |
---|---|
US (1) | US11321439B2 (en) |
TW (1) | TWI666565B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI791905B (en) * | 2019-10-08 | 2023-02-11 | 中華電信股份有限公司 | Authentication access system and method based on tokenization technology |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113313224B (en) * | 2021-06-02 | 2022-06-28 | 哈尔滨华泽数码科技有限公司 | Generation system and generation method of office code for government affair service |
WO2023273251A1 (en) * | 2021-06-30 | 2023-01-05 | 上海擎感智能科技有限公司 | Processing method and apparatus for action trajectory data |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9037111B2 (en) * | 2012-07-30 | 2015-05-19 | Ncr Corporation | Location aware authentication techniques |
CN104836662A (en) * | 2015-01-27 | 2015-08-12 | 北京中油瑞飞信息技术有限责任公司 | Unified identity authentication system |
CN106296160A (en) * | 2015-05-12 | 2017-01-04 | 广州杰赛科技股份有限公司 | The acquisition of information of a kind of position association and authentication method |
TW201710945A (en) * | 2015-07-20 | 2017-03-16 | 諾特瑞茲有限公司 | System and method for validating authorship of an electronic signature session |
US9754255B1 (en) * | 2012-04-13 | 2017-09-05 | Maxim Integrated Products, Inc. | Geo-location based authentication in a mobile point-of-sale terminal |
Family Cites Families (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7062471B1 (en) * | 1999-06-07 | 2006-06-13 | Nippon Telegraph And Telephone Corporation | Electronic rights information processing system, method and apparatus for carrying out same and recorded medium for program carrying out the method |
CN1889123A (en) | 2006-06-07 | 2007-01-03 | 李振宇 | Two-dimensional bar code real name |
US20160027042A1 (en) | 2009-11-17 | 2016-01-28 | Thomas W. Heeter | Electronic brand authentication method using scannable codes |
WO2012096749A2 (en) | 2011-01-14 | 2012-07-19 | Flash Seats, Llc | Mobile application bar code identification method and system |
TW201329873A (en) | 2012-01-13 | 2013-07-16 | Oriental Inst Technology | Method for generating 2-dimentional barcode, method for authenticating identity, and entrance security system |
US8966653B2 (en) * | 2012-04-20 | 2015-02-24 | Adobe Systems Incorporated | Method and apparatus for provisioning a mobile application |
TWI529641B (en) | 2014-07-17 | 2016-04-11 | 捷碼數位科技股份有限公司 | System for verifying data displayed dynamically by mobile and method thereof |
TWI536293B (en) | 2014-10-21 | 2016-06-01 | Chunghwa Telecom Co Ltd | Member Registration and Usage Method Based on NFC Technology and Its System |
US20170084097A1 (en) | 2015-09-18 | 2017-03-23 | Markis Janis | Key Card Replacement App |
US9953475B2 (en) * | 2016-04-27 | 2018-04-24 | Cubic Corporation | 4D barcode |
WO2017218984A1 (en) * | 2016-06-16 | 2017-12-21 | The Bank Of New York Mellon | Ensuring data integrity of executed transactions |
TWI592876B (en) | 2016-07-25 | 2017-07-21 | 國立成功大學 | Mobile device, authentication device and authentication methods thereof |
TW201814606A (en) | 2016-10-14 | 2018-04-16 | 何駿逸 | Apply picture code from commerce application platform via a mobile device to be a method for personal identity recognition and mobile payment activities |
US20180130025A1 (en) | 2016-11-04 | 2018-05-10 | Michael Kampouris | Process and system for time management for employees |
US11212100B2 (en) * | 2017-03-23 | 2021-12-28 | Moovel North America, Llc | Systems and methods of providing and electronically validating tickets and tokens |
US11212105B2 (en) * | 2017-03-23 | 2021-12-28 | Moovel North America, Llc | Systems and methods of providing and validating digital tickets |
- 2018-12-07: TW application TW107144109A, patent TWI666565B (en), active
- 2019-12-04: US application US16/703,819, patent US11321439B2 (en), active
Also Published As
Publication number | Publication date |
---|---|
TW202022663A (en) | 2020-06-16 |
US20200184061A1 (en) | 2020-06-11 |
US11321439B2 (en) | 2022-05-03 |